Security Suite

AbuseIPDB is a project managed by Marathon Studios Inc. It provides a central repository for webmasters, system administrators, and other interested parties to report and identify IP addresses that have been associated with malicious activity online.

Google 2-Step Verification (also known as two-factor authentication), adds an extra layer of security to your account. With this, we can protect our online account with both our password and OTP sent over the phone.

Mailboxlayer offers instant email address validation & verification via syntax checks, typo and spelling checks, SMTP checks, free and disposable provider filtering, and much more. It helps developers and businesses in fighting fraudulent users, increasing success rates of email campaigns, and only sending email to real customers.

MaxMind is a leading provider of IP intelligence data and online fraud prevention tools. With GeoIP services, it helps businesses to track geolocation information about their online visitors coming on the website.

Security Suite extension helps the store owner to detect the security threats and protect the online store from the numerous cyber-attacks, hacks, and unauthorized access. The admin can prohibit any specific file type from getting uploaded on the website, whitelist, blacklist IPs, ban the users country-wise from accessing the website. The admin receives the brute force attack notifications. The admin can validate customer email addresses and can keep a track of all the failed login attempts, report the abuse IPs on Abuse IPDB, and detect fraud customer registrations. The admin can also enable Google 2-Step Verification for the customer login. This assures the store owner and customers a hassle-free and secure online store experience. 

Business Value

The most essential feature of any website is to run smoothly and securely. As web stores are prone to security breaches. It is one of the prime and foremost requirements of any online store owner. After all, it is the security method of the store that has to keep the account information and transactions secured and protected from any cyber attacks or hacks. This is even crucial to retain the customer’s trust. Obviously, no customer wants to hear that their confidential information like card details, addresses are prone to cyber fraud. Henceforth, big businesses prioritize the security issues to bring a secured experience to their online stores. This makes them able to make a significant mark in the world of e-commerce. Thus, integrating the Security Suite extension to the Magento web store will turn out to be a great advantage for the store owners all the way. This will enhance the customer faith and add value to their e-commerce enterprise.

Security Suite extension will allow the store owners to integrate multiple types of security services into their online stores to prevent hackers or any unauthorized accesses. Further, this extension facilitates the brute force notification and the customer email address validation. Making use of a security suite is a proficient way for securing sensitive online store data and surely works as a booster to enhance the web traffic as it brings the customer’s trust in your store.

Account & Pricing

The extension integrates multiple 3rd party services into the online store. Additional accounts and credentials are needed to use all the features of the Security Suite extension.

• To enable the country ban feature, the admin needs to have a Maxmind GeoIP license key. GeoLite2 databases are free IP geolocation databases, click here to signup.
• To enable Google 2-Step Verification, the customers need to download and use the Google Authenticator Android app or iOS app. This is a free service.
• For checking and reporting malicious IP abuses, the admin needs the AbuseIPDB API key. Four subscription plans (free, basic, premium, enterprise) are available, check details here.
• For verifying customer email addresses, the admin needs the Mailboxlayer API key. Four subscription plans (free, basic, professional, enterprise) are available, check details here.

Features List

• Notifies the admin of unauthorized login information.
• There is a Master Password feature to block all sub-user accounts.
• It allows the admin to get each file upload notification in the system.
• The admin can restrict the particular file types from getting uploaded.
• The admin can ban the users from any country to login into the admin panel.
• The admin can protect the admin panel from a Brute Force attack.
• Brute force logs are available to the admin.
• The admin can blacklist/whitelist the IPs.
• AbuseIPDB is integrated with this module to block and report suspicious IPs.
• Mailboxlayer is also integrated to validate the email addresses of customers.
• Real-time email validation for customers is also available.
• Customers can use Google 2-Step Verification to protect their accounts.
• The admin can create custom email templates for each action.
• The admin can scan all directories/file permission based on his selection.

How Does The Extension Work?

Get Unrecognized Admin Panel Login Alerts

The admin will get alerts each time there is an attempt of the admin logins through unrecognized and unauthorized means. The admin can select the CMS pages for IPs that are blocked by the user.

Block Sub-Admin Users

The admin can select an option to reset the password. After that, all the sub-the admin or users will be blocked and will be shared an email with the reset password link.

Malicious File Security

This module comes with a feature to secure the web store from being damaged by malicious files. The admin will need to configure the Get Notification if Any File Uploads to get the notification for all the files uploaded on the website. After that, the admin will configure the Prevent Uploading File With Extensions to prevent uploading on his website and to get a notification for prevented file uploads. Also, the admin will configure the Receive File Malicious Notification on Email Address option to set the email address on which the notification will be shared when the malicious file is uploaded.

Ban User Country Wise

This feature facilitates the store admin to ban the countries where the admin panel and storefront will not be accessible. After enabling the option, the admin can select the country for which the country ban will be enabled. The module has an option to download and update the GeoIP2 library. This will update the library for detecting the current geolocation of customers using their IP addresses.

Whitelist/Blacklist IPs

This feature allows the admin to configure all the whitelisted and blacklisted IPs by mentioning them in Blacklist and Whitelist IP(s) sections. The admin can also maintain the debug logs for enabling IPs.

Google 2-Step Verification

This functionality will allow the store owner to enable the Google Two-Step Authentication for the customer login activities. The customer can enable or disable 2FA from their account section.

Protect Against Brute-Force

The security suite facilitates the admin to protect the online store from brute force or proxy login attacks. It will also send the warning email on the added email address for any suspicious login activity.

AbuseIPDB

With this integrated feature the admin can report the IP abuses. If the proxy login attack is detected then the IP will be auto reported. The admin can enable IP block based on the confidence score of the abuse. The admin can define the fixed score as to above which IP will be rejected.

Customer Email Verification

The admin can enable the Mailboxlayer real-time email address verification for customer signup for preventing any fraudulent registrations. If the valid email address is not entered, an error message will be shown.

Email Notification Templates

The admin can set different templates that will be shared with the sub-user and the admin. Moreover, the admin can select the sender to whom the notification will be shared and can also assign different templates for different scenarios.

View Admin Panel Login Logs

The security suite module comes with a feature to display the admin’s login logs. Showing detailed information - IP address, location, device, OS, etc.

View File Permissions

The admin will be able to identify whether the store is on Production or Developer or Default mode. The admin needs to select the server hosting whether shared (one user) or private (two users). Based on the same, the directories will be visible.

Brute Force Login Logs

This section will display all the brute force login logs so that the store owner can view the IP and their login URL, browser and even the login time details can be fetched.

Benefits

For Store Owner

• Protect online store frontend and backend from security breaches.
• Will ensure that there is no IP Spoofing or Brute Force attack on his website.
• Restrict the fraud customer login by validating the email addresses. 
• Ban IPs whose confidence score is lower than the defined.
• Disable one or more IPs or countries.

For Customers

• They will have their all confidential information secured.
• Will have a secure and hassle-free user experience.
• Create an additional layer of security with Google 2-Step Verification.

Support Policy

• You get free 3 months of technical support included.
• You can buy 6 or 12 months extended support agreement.
• For issues, please create a ticket or send email to support@webkul.com
• Free lifetime updates of the module.